just another infosec blog

CSI Cyber – Educating the masses

The CSI franchise got a new addition this spring with a show dedicated to the cyber-landscape. It stars Patricia Arquette in the leading role. It follows the same recipe as the rest of the CSI series. This means a lot of CGI, bad cast and what not. I think I’ll end my introduction to it right here. The series has gotten its fair share of bashing in the media. I always feel uneasy when Hollywood tries to depict hacking. Think back to the movies Hackers, Sneakers and Swordfish. This new CSI thingy didn’t do anything better for me. But I won’t bash it because buried under all the CGI and the bad acting there’s something interesting. In this post I have tried my best to find out whether the topic of each episode is plausible or not by peeling away that CGI and fiction stuff. Please be aware that I jump to conclusions here and there; you may want to see the entire season before reading on.

Plausible background material for episodes in first season

Episode 1 “Kidnapping 2.0”

“The FBI’s Cyber Crime Division investigates a series of hacked baby monitors, but Avery believes it may be only a small part of a wider kidnapping conspiracy.” – Wikipedia

It appears that the backdrop of this episode is the scare about hackers taking over baby monitors. The most recent news report I found mentioned that a couple in Washington got their baby monitor hacked. Their son complained that someone was talking to him, and one night they heard a voice saying “wake up little boy, daddy’s looking for you”. The couple also believed this to be a hacker and that he had hacked the device’s camera. Of course, this news report was dated April 24th, 2015 – being far too new for this episode. Earlier news stories appear to be more of the same.

Is it plausible? Yes and possibly no. It is plausible that a hacker might hack into a baby monitor. There’s evidence this has happened. Could it be escalated into a kidnapping? Well – no, not alone. I think it would be easier to just find out if the household has a baby in it and then kidnap the baby directly by breaking in. On the other hand, if I wanted to scare the shit out of the parents, then maybe. I’m no crime investigator or criminal, but I find the story unlikely.

Episode 2 “CMND:\Crash”

“Avery investigates a multiple fatality roller-coaster crash in which the computer was hacked and the safeguards disengaged.” – Wikipedia

I couldn’t find a backdrop related to roller-coasters. However, the subject isn’t anything new. People have always feared hackers getting access to control units. The most recent news story mentioned that hackers took over the steering and brakes of a Jeep on the highway. But this report is too new for this episode. It’s more likely the writers drew on SCADA hacking, medical equipment hacking and Stuxnet. It would be easy to base this episode on these reports alone.

Depending on how the roller-coaster was secured and which technology is involved – then yes, it could be plausible.

Episode 3 “Killer En Route”

This episode was a bit more difficult. As far as I can see there are no reports on Uber being used for murders like in this episode. Uber has had its share of bad events, though. It seems the writers paired the popularity of Uber with the dangers of relying on unknown people and services on the Net. The best example besides those unlucky stories would be online dating and its related dangers. Think of Internet homicide.

I can’t say how easy it would be to hack Uber. But in theory, any system can be hacked. I would like to say “yes”, it’s plausible for this episode to play out in real life. But I’m unsure.

Episode 4 “Fire Code”

“A new code takes advantage of a popular printer’s design flaw to allow cyber-arsonists to set fires remotely” – Wikipedia

Imagine hackers being able to set laser printers on fire remotely. At first I was like “no – that’s just too dumb to be true”. Then the “lp0 on fire” error message from UNIX crossed my mind. Nah. That seems just too silly. After researching this issue on Google I stumbled across something interesting. Apparently researchers from Columbia University did find it possible to install new and dangerous firmware on some HP LaserJet printers. They hacked the printer’s heating element that bonds the toner pigment to the paper. This caused the paper to turn brown and begin to smoke. The show clearly exaggerated it to make a story, though.

This isn’t possible, as pointed out by the researchers. In my younger days I did repair a lot of laser printers. There are built-in countermeasures so the paper will not start to burn. Highly unlikely.

Episode 5 “Crowd Sourced”

“The cyber team searches for a bomber obsessed with exposing truth about technology.” – Wikipedia

This episode takes a different angle on how timed bombs work. The plot twist here is that the bombs count upwards. Uhm. Yeah. Think about that for a moment. And they don’t count upwards by the second. No. They count how many people connect to a custom WiFi net. When a threshold is reached they all go kaboom. The writers surely took the meaning of crowd sourcing to a new level. But what’s the backdrop? I’m not sure since I could not find anything related to the subject. Perhaps the Boston bombing somewhat inspired the writers.

Is this possible? Well – a timing circuit counting upwards is possible. Pairing it with technology to crowd source the counting? Yes, I believe so. But not like what we saw in the episode. Given that we cannot know exactly when the bomb is going to explode, there’s a chance there are so many connecting devices that the bomb would blow up in our hands or in proximity.

Episode 6 “The Evil Twin”

“Avery and her team investigate the murder of a woman whose electronic devices indicate that she was alive for three days after her official time of death.” – Wikipedia

An evil twin, in this context, is a rogue WiFi access point that appears to be legitimate, but actually has been set up to eavesdrop on wireless communication. It fools users into connecting to it. This attack may be used to steal passwords of unsuspecting users. This is pretty much what happened in this episode. We often use such evil twins when doing penetration tests.

This is likely – we do it on pretty much each project out in the field. But – it takes a shit load of knowledge to do this right. In the episode context, no – it would be easier to just flee.
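Seen from the defending side, an evil twin shows up in a WiFi scan as a familiar network name coming from an access point you don’t own, or from a known one behaving oddly. The check below is an added example, not from the show or from this post; the AP inventory, the scan records and the function name are constructed for illustration, and it assumes a fixed channel plan.

```python
# Constructed inventory of the access points we actually operate:
# SSID -> {BSSID: (expected security, expected channel)}
KNOWN_APS = {
    "CorpWiFi": {
        "aa:bb:cc:00:00:01": ("WPA2-Enterprise", 1),
        "aa:bb:cc:00:00:02": ("WPA2-Enterprise", 11),
    },
}

# Constructed scan results, as a wireless survey tool might report them.
SCAN = [
    {"ssid": "CorpWiFi", "bssid": "AA:BB:CC:00:00:01", "security": "WPA2-Enterprise", "channel": 1},
    {"ssid": "CorpWiFi", "bssid": "aa:bb:cc:00:00:02", "security": "WPA2-Enterprise", "channel": 11},
    # Same name, unknown radio, no encryption.
    {"ssid": "CorpWiFi", "bssid": "02:11:22:33:44:55", "security": "Open", "channel": 6},
    # Known BSSID announced on a channel that AP is not configured for.
    {"ssid": "CorpWiFi", "bssid": "aa:bb:cc:00:00:02", "security": "WPA2-Enterprise", "channel": 6},
    # Somebody else's network: out of scope, ignored.
    {"ssid": "CoffeeShop", "bssid": "10:20:30:40:50:60", "security": "Open", "channel": 3},
]


def find_evil_twin_candidates(scan, known_aps):
    """Return (ssid, bssid, reasons) for beacons that use one of our SSIDs
    but do not match the inventory. A twin that clones BSSID, security and
    channel exactly is not caught by this comparison."""
    findings = []
    for ap in scan:
        inventory = known_aps.get(ap["ssid"])
        if inventory is None:
            continue  # not an SSID we manage
        bssid = ap["bssid"].lower()  # scanners differ in MAC letter case
        reasons = []
        if bssid not in inventory:
            reasons.append("unknown BSSID")
            if ap["security"] not in {sec for sec, _ in inventory.values()}:
                reasons.append("unexpected security")
        else:
            security, channel = inventory[bssid]
            if ap["security"] != security:
                reasons.append("unexpected security")
            if ap["channel"] != channel:
                reasons.append("unexpected channel")
        if reasons:
            findings.append((ap["ssid"], bssid, reasons))
    return findings


if __name__ == "__main__":
    for finding in find_evil_twin_candidates(SCAN, KNOWN_APS):
        print(finding)
```

With automatic channel selection enabled on the real access points, the channel check would need to be dropped or loosened.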

Episode 7 “URL, Interrupted”

“The cyber team investigates when a high school victim of intense cyber bullying by her classmates pledges to retaliate.” – Wikipedia

Cyber bullying. Enough said. By now you should be familiar with the dangers of cyber bullying. If not, this is the episode that highlights the dangers of cyber bullying. There’s not much to say about the episode content, except that it seems based on the news reports that have been floating around for years and to this day still continue to pop up.

Yes, this could happen.

Episode 8 “Selfie 2.0”

“The cyber team investigates the abductions of young women, whose social media pages continue to be updated.” – Wikipedia

Now this is interesting. What happens if your social media page still continues to update itself after you’re dead? In real life you have probably used a service to continue your social whoring after you kicked the bucket. In the CSI universe, well, you probably got hacked. Social media gets hacked all the time – there’s a reason for this link to even exist. This episode’s plot is pretty low brow and a mix and match between real life and fiction.

Could this happen in real life? Yes. If you hack their profile pages, then why not? On the other hand, it seems like a hassle.

Episode 9 “L0m1s”

“Nine planes that departed from the same airport face a coordinated Wi-Fi attack while in flight. Krumitz becomes obsessed with finding the hacker of the coordinated Wi-Fi attack.” – Wikipedia

In my opinion this episode wasn’t about the hack itself. Instead it was focused on the fact that hackers can be anyone. This is made apparent when the hacker turns out to be a very young girl. I think the backdrop of this episode is that there have been many news reports on young hackers over the years. And for the airplane part? Well. It happens from time to time and it would be easy to base a story on it.

As for the age of the hacker? Yes, it could happen. There are many young hackers around. The rest of the story? Yes and no. You could infect phones and laptops using USB. But placing it in the flight terminal? No. I can’t see how you would bypass security. Maybe the U.S. is different than Norway?

Episode 10 “Click Your Poison”

“The cyber team investigates when a man dies after taking medication he purchased from a hacked ad on a medical Web site.” – Wikipedia

Counterfeit medication is a big problem. There are many online “pharmacies” on the Net offering medication with huge discounts. The problem is that the buyer cannot be sure whether he bought a legitimate medication or a counterfeit one. Interpol says more than one million people die each year from counterfeit drugs, stating it is one of the fastest-growing and most lucrative income sources for global organized crime networks. Combine this with malvertising and the writers had this episode penned down in a jiffy.

This could happen, and it has, just like Interpol said.

Episode 11 “Ghost in the Machine”

“After the death of a teenager, the cyber team hunt a killer who hacks into popular online games in order to convince vulnerable teenagers to deliver dark-web purchased weapons.” – Wikipedia

There isn’t an end to what you can buy on the deep-web. A gun disguised as a power drill? That wouldn’t surprise me at all. The clue here isn’t what’s available on the dark-web. Instead, in this episode the merchant contacts teenagers through an online game, notifying them there’s a package to be delivered. How true could this be? I don’t know. I couldn’t find any sources for it.

I think this could happen in real life. But the chances are slim and the whole process seems to be a hassle.

Episode 12 “Bit by Bit”

“The cyber team investigate when a power outage in Detroit is used to mask a jewelry store robbery-homicide in which the jewels were not the target.” – Wikipedia

Bitcoin is an exciting new currency. This episode focused on how to steal Bitcoins. It has been done in real life many times. I don’t think I need to discuss this further.

Yes, it could happen.

Episode 13 “Family Secrets”

“Avery Ryan identifies and later confronts the hacker who released her patients’ information when she was a psychologist. Meanwhile, Krumitz confronts the man who murdered his parents.” – Wikipedia

The season finale. In this episode one of the CSI agents aims a rifle-looking snooping device at Avery’s office window in order to extract information from her laptop. The information in question is a private video which is infected by a trojan. The trojan itself communicates with Avery’s arch nemesis.

Conclusion

I really believe that CSI Cyber tries its best to inform about the risks in the cyber-landscape. It appears that the show is somewhat rooted in real life scenarios but takes a solid nosedive when trying to make it interesting for the public. I think this show only contributes to even more misconceptions about the dangers found on the Net. I suppose if my mom watched this show she would put away her laptop. Uhm. Wait a minute. Maybe that isn’t such a bad idea after all?

What do you think about the show? Did it portray the world of IT like it should? Please share your thoughts in the comments section!